RSBAC Grsec Selinux ProPolice and Pax

Archaic archaic at
Sun Jan 18 06:28:03 PST 2004

On Sun, Jan 18, 2004 at 01:24:48PM +0000, Christopher James Coleman wrote:
> SELinux's RBAC mechanism allows for automatic transition between zones,
> whereas the GRSec RBAC mechanism allows only for manual transition through
> the gradm2 application.

How useful is this? I'm just trying to get a feel of what is likely to
be needed and which method will achieve those needs.

> As I stated before, SELinux/GRSec/RSBAC are all, pretty much, capable
> of doing whatever the others can do. What needs to happen is for a
> security policy to be defined in unambiguous terms.

Feel free to draft something. Then we can hammer it out on the lists.

> At that point it is then easiest to see which system will achieve
> those aims with the most certainty. That is not to say that all
> systems cannot be an option, despite one system having been favoured.

But in the course of a book, one option needs to be favored, as both
options will require different configuration, leaving the book
discombobulated if trying to figure out what instructions to follow and
how to configure each set of options. The other can certainly be a hint
or even an appendix or chapter of its own, but should still be separated
from the main instructions.

> I have played with SELinux and GRSec. I would say that GRSec is
> definitely the easier of the two, especially if somebody does not
> intend to do a lot of reading.

Always a plus! :)

> Just my thoughts,
> .chris

Keep 'em coming. :)


The real point of audits is to instill fear, not to extract revenue; the
IRS aims at winning through intimidation and (thereby) getting maximum
voluntary compliance

- Paul Strassel, former IRS Headquarters Agent Wall St. Journal 1980

More information about the hlfs-dev mailing list